6657 Commits (2.4)

Author SHA1 Message Date
Jakub Onderka 6d686011a0
Merge pull request #8831 from JakubOnderka/ui-fixes
Better UI
2024-01-08 17:33:51 +01:00
Jakub Onderka 8678da10d8 chg: [internal] Optimise reportValidationIssuesAttributes 2024-01-05 16:40:49 +01:00
Sami Mokaddem 71e78e6eb3
Merge branch 'feature/publication-blocking-same-user' into develop 2024-01-05 09:57:59 +01:00
iglocska 2ab819f3cb
chg: [analystdata wip] 2024-01-04 19:56:11 +01:00
Jakub Onderka 9c346e8282 fix: [internal] Code style 2024-01-04 17:59:23 +01:00
Jakub Onderka c944c4ae3d fix: [internal] Do not use deprecated method 2024-01-04 17:36:58 +01:00
Jakub Onderka 9ac760110c fix: [internal] Remove unused variables 2024-01-04 17:33:26 +01:00
Jakub Onderka edd6d3f157
Merge pull request #9473 from JakubOnderka/logging
chg: [internal] Do not log in audit log last_api_access
2024-01-04 16:38:02 +01:00
Jakub Onderka b5fe0722eb fix: [internal] Session destroy 2024-01-04 16:16:52 +01:00
Christian Studer 3b0490cfbf
Merge branch '2.4' of github.com:MISP/MISP into develop 2024-01-04 13:42:37 +01:00
Raphaël Vinot 0f268782cc chg: [PyMISP] Bump version 2024-01-04 13:41:18 +01:00
Jakub Onderka 6b0fb4a638 chg: [internal] Refactor UserController::_postlogin 2024-01-04 12:20:38 +01:00
Jakub Onderka 9d81da4df2 fix: [internal] Fix view user login history 2024-01-04 11:24:36 +01:00
Sami Mokaddem 160d7442ff
Merge branch 'feature/analyst-notes' into notes 2024-01-04 11:20:04 +01:00
iglocska e04c810ae3
new: [analystdata] wip 2024-01-04 10:12:47 +01:00
Jakub Onderka 54fa92be71 fix: [internal] Code style 2024-01-04 10:11:14 +01:00
Sami Mokaddem 3cf306bee5
fix: [events:getThreads] Removed fake unused function 2024-01-04 09:50:56 +01:00
Sami Mokaddem f6abd75732
Merge remote-tracking branch 'mokaddem/feature/analyst-note-ui' into feature/analyst-notes 2024-01-04 09:49:05 +01:00
Stefano Ortolani 815f8f6f3c fix: searching events by event_tags 2024-01-03 18:08:00 +00:00
Jakub Onderka 67b393ea7b chg: [internal] Move field description to controller 2024-01-03 09:08:42 +01:00
Jakub Onderka d6c0514644 fix: [internal] Undefined index sharing_group_id when uploading stix file 2024-01-03 09:08:42 +01:00
Jakub Onderka af4644f534 fix: [internal] Code cleanup for IP logging 2023-12-29 09:59:10 +01:00
Jakub Onderka 786becad1a chg: [internal] Code cleanup for user login profile 2023-12-22 22:52:02 +01:00
iglocska f8632849c6
new: [garbage collection] added for temporary files 2023-12-22 15:50:20 +01:00
iglocska c51d0a1adb
fix: [datasource] added to valid datasources list 2023-12-21 09:46:00 +01:00
iglocska 1cacb3abcc
new: [sg blueprint] encode as sync rule functionality added 2023-12-20 15:32:51 +01:00
Sami Mokaddem 8015f76c69
new: [analyst-notes:UI] Started UI for analyst notes - WiP 2023-12-20 14:36:45 +01:00
iglocska 8b4bb3b34a
chg: [addTag] functions changed to also work with uuids, rather than just local IDs
- as reported by @0x3c7
2023-12-19 12:25:17 +01:00
Sami Mokaddem e900d37366
chg: [events:publish] Improved phrasing on the publication blocking if creator == publisher 2023-12-18 10:10:45 +01:00
Sami Mokaddem fc135af841
new: [event:publication] Added new setting to block event publication if the user is the creator
Enabling this setting will change the behavior of MISP so that it will block the publication of an Event if the publisher is the same as the event creator.
2023-12-18 09:58:24 +01:00
Christian Studer 6a0f3f1b73 Merge branch 'develop' of github.com:MISP/MISP into develop 2023-12-14 14:11:43 +01:00
Raphaël Vinot 5ce35df6ce chg: [PyMISP] Bump 2023-12-14 12:54:31 +01:00
Christian Studer 6cdfa7b5f7 Merge branch 'develop' of github.com:MISP/MISP into develop 2023-12-12 11:25:52 +01:00
Christian Studer bdcfe06cf3
add: [upload_stix] Handling cluster distribution and sharing group for content imported from STIX 2.x 2023-12-12 10:57:57 +01:00
iglocska 92888b1376
fix: [security] new audit logs lack of ACL controls
- added proper ACL handling to the new audit logs
- as reported by fukusuket(Fukusuke Takahashi)
2023-12-12 10:04:28 +01:00
iglocska 5bed463416
chg: [logging] fail silently if logging entry can't be saved
- can happen when the log change is too large for example
- no need to roll back / break sync for example if a log entry is too large, just fail silently.
2023-12-07 15:17:58 +01:00
iglocska c124df0e47
fix: [password reset] required current password for token based reset 2023-12-07 10:31:50 +01:00
iglocska 4215285443
fix: [Alert on suspicious logins] disabled by default
- requires logs table to be better indexed currently to not be a bottleneck (user_id and action fields)
- Will be made default in an upcoming version once the performance issues are resolved
2023-12-01 22:10:50 +01:00
Christophe Vandeplas aac06b2831 fix: [userloginprofiles] undefined variable #9424 2023-12-01 09:03:29 +01:00
Christophe Vandeplas 0934ab6580 fix: [customauth] missing Class init fixes #9425 2023-12-01 08:35:34 +01:00
Christophe Vandeplas 7f9d7c9e44 fix: [login] fixes bad fix and catches first login after update 2023-11-30 11:16:42 +01:00
iglocska 56cd155367
Merge branch 'develop' into 2.4 2023-11-29 20:33:56 +01:00
iglocska d63fbfaf87
new: [api] added X-MISP-AUTH as an alternative header to Authorization, fixes #9418 2023-11-29 19:59:43 +01:00
iglocska ac8f507d55
fix: [user login profile] skip checks for ancient php versions 2023-11-29 12:16:14 +01:00
iglocska b5437eda1d
fix: [RPZ] export custom parameters ignored, fixes #9420 2023-11-28 14:06:44 +01:00
Christophe Vandeplas 7e2cb89f97
Feature/user login profiles2 (#9379)
* new: [userloginprofiles] start over with previous code

* fix: [user_login_profiles] fixes catching up the backlog

* chg: [userloginprofile] email to org_admin for suspicious login

* chg: [userloginprofile] only inform new device

* chg: [userloginprofiles] view_login_history instead of view_auth_history

* chg: [userloginprofile] make login history visually better

* chg: [userloginprofile] inform admins of malicious report

* fix: [userloginprofile] cleanup

* fix: [userloginprofile] fixes Attribute include in Console

* fix: [userloginprofile] db schema and changes

* chg: [CI] log emails

* chg: [PyMISP] branch change

* chg: [test] test

* fix: [userloginprofile] unique rows

* fix: [userloginprofile] unique rows

* chg: [cleanup]

* Revert "chg: [PyMISP] branch change"

This reverts commit 3f6fb46fee.

* fix: [userloginprofile] fix workers with monolog=1.25 browcap=5.1

* fix: [db] dump schema version

* fix: [CI] newer php versions

* fix: [composer] php version

* fix: [php] revert to normal php7.4 tests

---------

Co-authored-by: iglocska <andras.iklody@gmail.com>
2023-11-24 13:47:59 +01:00
Raphaël Vinot 79e91820ef chg: [PyMISP] Bump version 2023-11-23 13:47:57 +01:00
iglocska 431f5acd9b
Merge branch 'tmpfiletool' into develop 2023-11-23 12:17:47 +01:00
iglocska dfe3b786a9
Merge branch 'nohooks' into develop 2023-11-23 09:18:57 +01:00
iglocska b82093bfe3
fix: [login] action replaced with hard coded route to baseurl . /users/login 2023-11-23 09:14:01 +01:00
Marek Zpevacek 88ef1ac69c
Really proper place to import TmpFileTool 2023-11-21 12:53:00 +01:00
Marek Zpevacek 4644e825c1
Fix import of TmpFileTool in RestResponseComponent 2023-11-21 12:35:26 +01:00
iglocska d015f9cae7
new: [WiP] edit refactor 2023-11-20 14:13:15 +01:00
Luciano Righetti bc07446a82 fix: taxonomy view filter is not kept when switching pages, fixes #8875 2023-11-15 12:04:28 +01:00
iglocska d744e6f3d5
new: [event edit] skip validation hooks on demand
- WiP for bulk ingestion of minor changes
2023-11-15 07:37:11 +01:00
Jakub Onderka f40b3cb2cb fix: [internal] ACL 2023-11-11 14:56:54 +01:00
Luciano Righetti e1f99a2824 fix: api order not working because of dropped param/incorrect handling, related to #9359 2023-11-09 09:56:57 +01:00
Sami Mokaddem 9ffcae7155
fix: [sightings:view] Added missing entry in ACL Component 2023-11-07 15:17:54 +01:00
Sami Mokaddem e83295ef35
new: [sightings:view] Added endpoint sightings/view to get sightings by ID or UUID 2023-11-07 15:16:39 +01:00
iglocska 9c5919f96e
new: [event report] fetch from url now detects other formats
- pdf, xlsx, pptx, ods, odt, docx extension documents are now imported via the given module
2023-11-02 14:41:06 +01:00
iglocska 075a68f187
Merge branch 'llm_tests' into develop 2023-10-31 15:04:27 +01:00
iglocska 511538c14a
fix: [internal] mactime template uuid fix and saveObject improvement 2023-10-31 15:02:26 +01:00
Sami Mokaddem 2253338b65
chg: [workflow:normalizeData] Gracefully catch exception and provide more feedback when supplying wrong input data
Fix #9344
2023-10-25 16:20:39 +02:00
Sami Mokaddem 8d01368bf7
fix: [events:view] Remove any tooltip upon closing the popover form
This will make @iglocska happy.
2023-10-25 15:39:25 +02:00
Sami Mokaddem 786ad2dde8
fix: [warninglist:crud] Nicer error message when trying to save no values
Fix #9179 thanks to @vincenzocaputo for the initial work!
2023-10-25 11:45:00 +02:00
Sami Mokaddem fb1c6bb0bc
chg: [workflow] Jinja template rendering is done automatically based on param options 2023-10-25 10:52:59 +02:00
iglocska a136c07562
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-10-24 22:31:01 +02:00
iglocska f2ff8441e3
fix: [user search] in index, removed old style authkey as a valid search field 2023-10-24 19:56:31 +02:00
iglocska db385f030f
fix: [user search] in index, removed old style authkey as a valid search field 2023-10-24 19:55:36 +02:00
Raphaël Vinot 8407961025 chg: [PyMISP] Bump version 2023-10-24 15:10:57 +02:00
Sami Mokaddem c952fcad4b
fix: [objects:edit] Restored behavior of upgrading object to newer template 2023-10-24 09:26:41 +02:00
iglocska d4256ad87a
fix: [llm test] should work nao 2023-10-18 16:45:50 +02:00
Sami Mokaddem da3df61950
chg: [eventReport:sendToLLM] Stop debugging 2023-10-17 23:26:56 +02:00
Sami Mokaddem 3fd50f007a
new: [eventreport:sendToLLM] Added draft of feature 2023-10-17 21:53:51 +02:00
iglocska 94585b4dad
fix: [warninglists] default to matching types ALL if nothing is set 2023-10-17 21:10:12 +02:00
iglocska 00d22d29b1
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-10-05 17:05:59 +02:00
iglocska a3c728674f
chg: [event restsearch] exposed includeGranularCorrelations
- and also made it visible in the JSON output
2023-10-05 17:05:22 +02:00
Jeroen Pinoy f7c4d9345d
new: [RestClient] Add user totp_delete to query builder 2023-10-04 17:50:43 +02:00
Andras Iklody b33720aa46
Merge pull request #9310 from tomking2/bug/attribute_sharinggroup_filter
Regression - Rest search with 'attributes' controller no longer filters by sharing group ID
2023-10-04 14:12:42 +02:00
Sami Mokaddem 182e7aa87f
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-10-04 13:17:26 +02:00
Sami Mokaddem 00c7a7169e
fix: [security] XSS in selectGalaxy
- As reported by Zigrin Security
2023-10-04 13:16:33 +02:00
Tom King 24ac6ae4b8 fix: [Attribute REST] Add sharinggroup as an allowed parameter for attribute filtering 2023-10-03 14:41:55 +01:00
iglocska b6386674c4
Merge branch '2.4' into develop 2023-10-02 15:30:51 +02:00
iglocska 7bd64bc23f
fix: [search] pagination fix 2023-10-02 15:30:17 +02:00
Christian Studer 47526fa675
chg: [upload_stix] Properly getting the changes on the Galaxies handling option from the form 2023-09-28 13:12:56 +02:00
Christian Studer 35ea184c2d
chg: [upload_stix] Visual improvement with descriptions added
- More information on the different options to
  handle galaxies and clusters while importing
  STIX 2 content
- More information on the debugging options
2023-09-28 12:46:43 +02:00
Jeroen Pinoy 5b627c076a
fix: [AuthKeys] Allow users to edit own authkeys, fix #9292 (#9293) 2023-09-28 11:15:18 +02:00
Jeroen Pinoy 2f790c2f17
[users:totp] set correct rest response action for totp_delete (#9303) 2023-09-28 10:57:01 +02:00
iglocska 2c931c6058
fix: [API] filter parameters added 2023-09-24 19:29:43 +02:00
iglocska e9c410687b
chg: [tests] make em happy with re-including a filter parameter that worked before, albeit unintentionally 2023-09-24 14:34:13 +02:00
iglocska a316e9ff64
fix: [internal] invalid ; instead of ,
- Me not think good.
2023-09-24 09:21:32 +02:00
iglocska 83ffa8eb9f
fix: [restsearch] parameters fixed 2023-09-24 08:43:13 +02:00
Sami Mokaddem 28179ced9c
chg: [config:customAuth_header] Default to upper case.
- See $_SERVER make passed headers upper case
2023-09-22 11:43:02 +02:00
iglocska 664034b193
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-09-22 10:36:40 +02:00
iglocska 00b25a9f93
fix: [taxonomy] enable/disable creating junk taxonomies on invalid ID, fixes #9273 2023-09-22 10:36:08 +02:00
Sami Mokaddem d339ffa792
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-09-22 10:18:46 +02:00
Sami Mokaddem d04053d4b0
chg: [posts:crud] Prevent readonly users from creating posts 2023-09-22 10:17:43 +02:00
Jeroen Pinoy 9e66f12a7f
fix: [RestSearch] allow filtering on eventinfo for events and attributes 2023-09-19 20:06:15 +02:00
Raphaël Vinot ed381cae97 chg: [PyMISP] Bump 2023-09-15 10:37:04 +02:00
iglocska ed96864894
new: [logs] add time based filter 2023-09-14 14:14:51 +02:00
iglocska 37ecf81b84
fix: [internal] improved parameter parsing 2023-09-14 12:55:17 +02:00
iglocska 22f68a2b15
Merge branch 'pw_change_time' into develop 2023-09-13 15:48:59 +02:00
Luciano Righetti 158c8b2f78 fix: properly filter out query parameters 2023-09-13 08:18:15 +02:00
Jeroen Pinoy 7ce06cad9f
new: [Users] add last password change timestamp for users 2023-08-29 13:47:24 +02:00
Luciano Righetti b99bfef287
Merge pull request #9266 from Wachizungu/fix-indexfilter-massage
fix: [CRUD-IndexFilter] correct index page filtering for REST request…
2023-08-24 14:20:09 +02:00
Luciano Righetti 2cc0a08628
Merge pull request #9259 from TomOgs/ServerEditIssue
fix: check for existence of push_rules in /server/edit requests before parsing JSON
2023-08-24 14:19:48 +02:00
Jeroen Pinoy 1883366490
fix: [CRUD-IndexFilter] correct index page filtering for REST requests. fix #9265 2023-08-24 13:49:24 +02:00
Luciano Righetti 7c3914a4be fix: event audit log pagination bug, fixes #9245 2023-08-24 11:58:28 +02:00
Raphaël Vinot 6ac212311d chg: [PyMISP] Bump 2023-08-23 14:01:02 +02:00
TomOgs 0e89fd0124
fix: prevent push_rules from being required in API requests to /server/edit endpoint 2023-08-22 21:04:37 +08:00
Sami Mokaddem 60468554a8
Merge remote-tracking branch 'origin/2.4' into develop 2023-08-11 10:57:38 +02:00
Luciano Righetti 09fb0cba65 fix: [security] reflected xss on dashboard edit 2023-08-11 09:53:21 +02:00
Alexandre Dulaunoy e88785ea30
Merge pull request #9225 from Wachizungu/fix-galaxy-view-galaxy-clusters-search
fix: [Galaxies] fix galaxy view, galaxy clusters index search. fix #9224
2023-08-09 16:38:34 +02:00
Alexandre Dulaunoy e678419365
Merge pull request #9233 from righel/fix-8875
Fix /taxonomies/view string filter
2023-08-09 16:26:17 +02:00
Sami Mokaddem 2f0bd270c1
Merge remote-tracking branch 'origin/2.4' into develop 2023-08-09 15:20:17 +02:00
Sami Mokaddem 664504f7f6
new: [user:periodicReporting] Allow setting the number of days to look back (UI only) 2023-08-09 15:19:58 +02:00
Sami Mokaddem 3c097f8202
fix: [dashboard:csvExport] Quote elements and correctly apply line break 2023-08-09 14:56:24 +02:00
Sami Mokaddem 51a1441a4a
chg: [dashboard:exportcsv] Small refactoring 2023-08-09 10:24:34 +02:00
Sami Mokaddem 9faf497749
Merge remote-tracking branch 'origin/2.4' into develop 2023-08-07 14:32:52 +02:00
Sami Mokaddem 123b1d07c2
new: [dashboard:export] Added CSV export functionality 2023-08-07 14:32:21 +02:00
Luciano Righetti ccb409d4b6 fix: not supported 2023-08-03 15:56:54 +02:00
Luciano Righetti c4b339fe65 fix: /taxonomies/view filter fixes #8875 2023-08-03 15:52:56 +02:00
Luciano Righetti 1461fea281 Merge branch 'develop' into allow-enrich-objects 2023-08-01 09:48:44 +02:00
Jeroen Pinoy 802542ef39
fix: [Galaxies] fix galaxy view, galaxy clusters search. fix #9224 2023-07-31 16:36:47 +02:00
Raphaël Vinot f22c82e87a chg: [PyMISP] Bump. 2023-07-31 12:08:29 +02:00
Sami Mokaddem 967d01b4a1
Merge branch 'develop' of github.com:MISP/MISP into feature_workflows/enrichment-improvements 2023-07-31 09:41:47 +02:00
Luciano Righetti 7c28cee942 fix: revert loginAction override 2023-07-28 15:29:46 +02:00
iglocska 4ad70965b5
fix: [totp] generate a new totp secret each time the totp_new endpoint is queried via a GET request, fixes #9220 2023-07-28 13:10:19 +02:00
Sami Mokaddem 26779f7753
chg: Bumped queryVersion 2023-07-28 10:42:38 +02:00
Luciano Righetti a84de1f444
Merge pull request #9211 from righel/fix-attr-search-pagination-9157
fix: light pagination bug in /attributes/search/results see #9157
2023-07-26 09:42:58 +02:00
Luciano Righetti a3b07ff49f fix: light pagination bug in /attributes/search/results see #9157 2023-07-26 09:38:58 +02:00
iglocska 015c5a4b94
Merge branch 'loginAction' into develop 2023-07-24 23:29:26 +02:00
iglocska 47ba11e246
fix: [proposal] index should also include the "deleted" field 2023-07-24 00:52:44 +02:00
iglocska 786f46edb4
fix: [proposal] proposal index fix as described 2 commits ago 2023-07-24 00:50:29 +02:00
iglocska a0f6c4e45a
fix: [proposal accept] fixed for deletions
- soft delete rather than hard delete or the propagation will fail
2023-07-24 00:19:24 +02:00
iglocska b89871978f
Merge branch 'sighting_push_fix' into develop 2023-07-24 00:10:13 +02:00
iglocska b3180624bb
fix: [sightings] only pushed via full push to avoid congestion
- the old behaviour can be re-enabled via Sightings.enable_realtime_publish
- massive performance gain on heavily interconnected instances
2023-07-24 00:08:53 +02:00
Christian Studer edb13cfd02 Merge branch 'develop' of github.com:MISP/MISP into develop 2023-07-21 16:35:05 +02:00
Mathieu Rollet 9e15f352d0
explicitly set loginAction with baseurl 2023-07-17 16:14:49 +02:00
iglocska 65bb3ef6eb
fix: [security] otp reset otp_secret on logout
- changing users within the same session can otherwise lead to the creation of the same otp seed for multiple users
2023-07-17 01:15:34 +02:00
Andras Iklody 64ef573bfd
fix: [acl] sighting restsearch should be open to all, fixes #9116 2023-07-13 20:35:22 +02:00
Luciano Righetti 2c661b565f new: allow user to enrich objects 2023-07-11 16:36:20 +02:00
Raphaël Vinot fccbc08185 chg: [PyMISP] Bump version 2023-07-10 16:19:05 +02:00
iglocska be28fdf53c
fix: [pw reset] fix (pass the token for deletion) 2023-07-10 16:08:07 +02:00
iglocska 71fdd9ac20
fix: [forgotten password] fixed 2023-07-10 16:02:34 +02:00
iglocska 68cb56037f
fix: [password reset] various issues 2023-07-10 15:58:28 +02:00
iglocska b121af4c13
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-07-10 15:34:16 +02:00
iglocska 8ff6dc2ea1
new: [forgotten password] optional feature added 2023-07-10 15:30:28 +02:00
iglocska df3b8446b3
Merge branch '2.4' into develop 2023-06-29 12:39:45 +02:00
iglocska 26ad0ef607
fix: [customauth] Don't renew the session with each query
- Leave the session handling to the normal life-cycle management
- should solve the issues where CSRF keeps kicking users off
2023-06-29 12:38:29 +02:00
Luciano Righetti f125630c1c fix: properly handle different cert file extensions in server sync. #9084 2023-06-28 09:42:12 +02:00
iglocska 0545d448f9
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2023-06-26 18:17:18 +02:00
iglocska 404c71ade6
new: [dashboard widget] added functionalities to download widget raw data
- download the JSON passed to the front-end of a widget on-demand
2023-06-26 18:16:31 +02:00
iglocska 640e6ef0b5
new: [dashboard widget] added download parameter to the widget system 2023-06-26 18:15:17 +02:00
Stefano Ortolani 98dd4286ea Fix search galaxy clusters 2023-06-24 12:54:09 +01:00
iglocska 3bf85ea29f
chg: [TOTP] set name 2023-06-21 14:52:53 +02:00
iglocska 7853cf70c2
fix: [UI] index searches will handle spaces correctly 2023-06-14 18:39:06 +02:00
Raphaël Vinot 6a1963930b chg: [PyMISP] Bump 2023-06-08 15:14:58 +02:00
iglocska 15d5b58769
fix: [acl] added missing entries 2023-06-08 14:23:14 +02:00
iglocska de9ac9588a
fix: [capitalisation] fail 2023-06-08 13:15:34 +02:00
iglocska a41a438290
fix: [acl] fixed for taxii servers 2023-06-08 10:50:31 +02:00
iglocska a752d29e03
new: [taxii preview] Browse a taxii server and view the data it contains
- browse collections
- browse contents of the individual collections and paginate through the data
2023-06-07 14:31:58 +02:00
Christophe Vandeplas 27ece6afba fix: [AuthKeys] improve readability of add ACL 2023-06-04 09:25:19 +02:00
Christophe Vandeplas d056b8dceb fix: [AuthKey] Cleanup AuthKey permissions fixes #9121 2023-06-04 09:14:11 +02:00
Christophe Vandeplas 132afb7321 fix: [Users] fixes column not found Role.perm_site_admin 2023-06-04 08:18:52 +02:00
Christophe Vandeplas b2bb4f817b fix: [security] Org admins cannot delete site admin accounts see #9121 2023-06-04 07:01:29 +02:00
iglocska 8d596784e3
fix: [privileges] only site admins can remove totp for a user
- leads to potential privilege check circumvention otherwise (org admin deleting site admin's totp key)
- also, removal should be a nuclear option
2023-05-31 15:12:54 +02:00
iglocska 3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas cb74ad507f chg: [security] OTP support for HOTP 2023-05-25 23:28:14 +02:00
Christophe Vandeplas afbb9fab95 chg: [security] TOTP anti-bruteforce support 2023-05-25 21:12:07 +02:00
Christophe Vandeplas 6311f7d3e6 Merge branch 'develop' into feature/totp 2023-05-25 20:53:06 +02:00
Jakub Onderka 3acccf9875
Merge pull request #8830 from JakubOnderka/access-log-enhancement
Access log enhancement
2023-05-24 13:38:06 +02:00
Jakub Onderka 2e753abea1 chg: [internal] Use less memory when encoding big JSON responses 2023-05-24 09:56:43 +02:00
Jakub Onderka 44738e4382 chg: [UI] Show user agent in title in access log 2023-05-24 09:56:43 +02:00
Jakub Onderka 90d7d66ee6
Merge pull request #8906 from JakubOnderka/fix-missing-user-id
fix: [internal] Missing user_id field for event when editing shadow attribute
2023-05-24 09:55:24 +02:00
Jakub Onderka b9902618eb
Merge pull request #8909 from JakubOnderka/fix-notice
fix: [internal] Undefined index for invalid request
2023-05-24 09:53:50 +02:00
iglocska 7a3b8617eb
Merge branch '2.4' into develop 2023-05-23 10:48:09 +02:00
iglocska a94777231b
fix: [templates controller] remove CSRF protection from the rearranging
- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care
- removes the annoying blackholing for the drag and drop
2023-05-23 10:46:54 +02:00
Christophe Vandeplas a5f5a4e113 chg: [user] log last_api_access hourly if MISP.store_api_access_time is not set 2023-05-21 20:12:44 +02:00
Christophe Vandeplas acb258cc52 chg: [security] User index inactive user filter 2023-05-21 19:29:56 +02:00
Christophe Vandeplas c5483cf4b5 fix: [cleanup] removes some TODO messages #103 2023-05-21 10:09:05 +02:00
Christophe Vandeplas dbf827f536 fix: [feeds] fix missing variable for view 2023-05-21 08:49:33 +02:00
Christophe Vandeplas e90083020f chg: [security] Require TOTP and QR code lib for TOTP secret creation 2023-05-20 10:26:45 +02:00
Christophe Vandeplas 8e370fa6f0 chg: [security] TOTP event logging 2023-05-20 10:13:56 +02:00
Christophe Vandeplas dac7aaf7d6 chg: [security] Disallow creation of TOTP token if LinOTP is enabled 2023-05-20 09:20:36 +02:00
Christophe Vandeplas 81db5958d9 chg: [security] Allow enforcement of TOTP 2023-05-20 08:56:40 +02:00
Christophe Vandeplas 856a9e4b4c chg: [security] admins can delete user TOTP 2023-05-20 08:05:48 +02:00
Christophe Vandeplas 61573392ea chg: [security] allow creation of TOTP token 2023-05-19 20:56:52 +02:00
Christophe Vandeplas 6caccac94d new: [security] TOTP authentication 2023-05-19 06:57:16 +02:00
Jakub Onderka 2f1d56509c chg: [internal] Code cleanup for galaxy import 2023-05-17 13:56:17 +02:00
iglocska 9f5e49995a
Merge branch 'new_widgets' into develop 2023-05-16 14:12:59 +02:00
iglocska 712321eb81
new: [dashboard templates] show which modules will be visible to the given user 2023-05-16 14:04:32 +02:00
iglocska a60202d9d1
fix: [junk removed] removed accidentally inserted characters
- fell asleep on the keyboard?
2023-05-16 13:41:44 +02:00
iglocska 9e763ba0e5
new: [auth] log api key usage in redis
- lightweight per day slice of api key use
- built as a ranked set in redis for the dashboards
2023-05-16 13:39:31 +02:00
Raphaël Vinot 1d53868c99 chg: [PyMISP] Bump version 2023-05-12 00:10:36 +02:00
Sami Mokaddem a2719e3c82
chg: [appController] Bumped queryVersion 2023-05-04 09:13:01 +02:00
Sami Mokaddem 8507fc5d6b
Merge branch 'feature-workflow-filtering-modules' into develop 2023-05-04 09:12:19 +02:00
Jakub Onderka 9e4c67b900 fix: [internal] Warning when searchvalue is not defined 2023-05-03 18:15:40 +02:00
Sami Mokaddem dc9a1489e1
Merge branch 'develop' of github.com:MISP/MISP into feature-workflow-filtering-modules 2023-05-03 14:57:04 +02:00
Sami Mokaddem a548fbc8a9
chg: [workflow] Updated filter add/reset and added support + fixed bunch of bugs
Also added raw (patched) drawflow library source code
2023-05-03 14:56:38 +02:00